Vulnerability Details CVE-2024-40522
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.4%
CVSS Severity
CVSS v3 Score 8.8
References